Learning Paths

Blue Team Tools

  • Number of Courses18 courses
  • Duration9 hours

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the addition of MITRE Shield, you now have a 360 degree view of attack scenarios and the data and capabilities needed to stop them.

Further details on the MITRE Shield framework can be found at https://shield.mitre.org/

Further details on the MITRE ATT&CK® framework can be found at https://attack.mitre.org/

Our blue team tooling courses focus on the use of a specific industry-standard, open source tool to protect, detect, and respond against targeted threat actor techniques in an enterprise environment. Knowing what a tool is and how it can be integrated into your overall enterprise security strategy will ultimately lend to your ability as an organization or an individual to defend against specific adversary activity.

Courses in this path

Introduction

The first course in this series discusses the use of open source, blue team tools to fill the gaps in your enterprise security, in turn, enable your information security organization to evolve their capabilities as fast as the threat actors you are defending against.

Blue Team Tools: Defense against Adversary Activity Using MITRE Techniques

  • by Aaron Rosenmund
  • 19m Duration
  •  (11)

Network Analysis

In this section, you will learn about the tools associated with network analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Network Analysis with Arkime

  • by Josh Stroschein
  • 45m Duration

Network Analysis with pfSense

  • by Joe Abraham
  • 38m Duration
  •  (11)

Network Analysis with Maltrail

  • by Rushabh Doshi
  • 22m Duration
  •  (12)

OS Analysis

In this section, you will learn about the tools associated with OS analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

OS Analysis with HELK

  • by Aaron Rosenmund
  • 29m Duration

OS Analysis with RegRipper

  • by Shoaib Arshad
  • 39m Duration
  •  (18)

OS Analysis with Wazuh

  • by Zach Roof
  • 36m Duration

OS Analysis with Volatility

  • by Tim Coakley
  • 27m Duration

OS Analysis with The Sleuth Kit & Autopsy

  • by Ashley Pearson
  • 15m Duration

OS Analysis with osquery

  • by Joe Abraham
  • 31m Duration

OS Analysis with OSSEC 3

  • by Michael Edie
  • 24m Duration

Infrastructure Analysis

In this section, you will learn about the tools associated with infrastructure analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Cloud Infrastructure Analysis with Scout Suite

  • by Guillaume Ross
  • 29m Duration

Cloud Infrastructure Analysis with Prowler

  • by Tim Coakley
  • 24m Duration

Container Infrastructure Analysis with kube-hunter

  • by Zach Roof
  • 42m Duration

Container Infrastructure Analysis with Trivy

  • by Zach Roof
  • 49m Duration

File Analysis

In this section, you will learn about the tools associated with file analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

File Analysis with TruffleHog

  • by Tim Coakley
  • 23m Duration

Application Analysis

In this section, you will learn about the tools associated with application analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Application Analysis with Endlessh

  • by Laurentiu Raducu
  • 16m Duration

Incident Management

In this section, you will learn about the tools associated with incident management to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Incident Management with TheHive

  • by Pluralsight
  • 27m Duration

Learn with the best

Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more
Josh Stroschein
Josh Stroschein
Dr. Josh Stroschein is an Associate Professor at Dakota State University where he teaches malware analysis, software exploitation, reverse engineering, and penetration testing. Josh also works as a Threat Researcher for HP Wolf Security and is the Director of Training for the Open Information Security Foundation (OISF). Josh has spent years developing security-related courses and is passionate about sharing that knowledge with others all over the world.
Joe Abraham
Joe Abraham
Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who ... more
Rushabh Doshi
Rushabh Doshi
Rushabh Doshi is an Artificial Intelligence/AWS/Azure/GCP cloud architect with extensive experience in DevOps, NoSQL Databases like MongoDB, Cassandra.He is an orator/speaker/tech evangelist, have participated in several tech events/seminars, conducted trainings across Europe/US and Asia Pac.He is one of the first few certified cloudera big data professional with extensive experience in Apache Flink, Spark, Hadoop and ELK stack. He has over 14 years of consulting, training, designing and archite... more
Shoaib Arshad
Shoaib Arshad
Shoaib is a Senior Cyber Security Professional currently based in Saudi Arabia. He has more than a decade of experience in the Information Security domain, and worked in various roles such as Security Engineer, Pentester, Forensic Examiner, Incident Handler, IT Auditor and also as a Cyber Security Consultant. His certifications include GCCC, GCFE and Lead Auditor for ISO - 27001/22301/20000. He is also a member of the GIAC Advisory Board. Shoaib is passionate about teaching and finds value in sh... more
Zach Roof
Zach Roof
Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cy... more
Tim Coakley
Tim Coakley
Tim Coakley is a Senior Security Solutions Architect for a large multi-national organisation and an author at PluralSight. Tim started a long and successful full-time career in Digital Forensics supporting the criminal justice system and law enforcement on a long list of criminal cases. Parallel to this Tim ran a research and development business creating solutions from design through to support resulting in some unique and niche software not developed anywhere else. Tim now works fully within t... more
Ashley Pearson
Ashley Pearson
Ashley Pearson is a former system administrator turned threat hunter. She has spent the past 3 years of her 8+ year IT career specializing in cyber security. She currently works as a threat hunter and occasional incident responder or forensic analyst. She continues to feed her passion by actively participating in the InfoSec community, attending conferences, and pursuing higher education. Outside of work, Ashley enjoys running, video games, and reading.
Michael Edie
Michael Edie
Michael Edie is an Information Security Practitioner and consultant with over a decade of experience. He serves as the Principal Engineer of SmashTheStack (https://smashthestack.org). Michael is a 22-year US Army Veteran and blogs regularly about various information security and technology subjects. He has been a community speaker for various tech non-profits and at BSIDES Augusta. His passions outside of Infosec include family, motorcycles, traveling, cryptocurrency, movies, and chess.
Guillaume Ross
Guillaume Ross
Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc. Having worked in multiple verticals, from Fortune 50 to startups, his specialty is providing the right security program and architecture for each specific environment and company, and leading blue teams.
Laurentiu Raducu
Laurentiu Raducu
It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ... more

Join our learners and upskill
in leading technologies